From: Kasatkin, D. <dmi...@in...> - 2012-05-18 09:00:20
On Fri, May 18, 2012 at 10:46 AM, Kasatkin, Dmitry <dmi...@in...> wrote:
> Hello,
>
> See comments inline...
>
> You could send questions to: lin...@li...
>
> - Dmitry
>
> On Tue, May 15, 2012 at 7:45 PM, Sebastian Andrzej Siewior
> <bi...@li...> wrote:
>> Hi Dmitry,
>>
>> I just stumbled over security/integrity/evm/ in the linux kernel and it
>> looks like something I could use or would like to use :)
>> I failed to clone the userland tools from
>>
>> git://linux-ima.git.sourceforge.net/linux-ima/ima-evm-utils.git/
>>
>
> Did you try to look at the linux-ima project page?
> http://sourceforge.net/scm/?type=git&group_id=148288
> It has info on how to access the gits....
>
> It says that the repo url is:
> git://linux-ima.git.sourceforge.net/gitroot/linux-ima/ima-evm-utils.git
>
> :)
>
>
>> as git always said that remote closed the connection. In the end I extracted
>> the source package from [0].
>> I tried to follow the wiki at [1] and see how it works. Currently I am
>> stuck at
>>
>> | #~ keyctl add trusted kmk-trusted "new 32" @u
>> | add_key: No such device
>>
>
> Trusted keys use the TPM..
>
> Have a look at the source code:
> tests/evm_genkey.sh
> tests/evm_enable.sh
>
> It should show how to use encrypted keys and public keys...
>
> Let us know how it works for you
>
> - Dmitry
>
>> And the kernel says.
>>
>> | trusted_key: key_create failed (-19)
>>
>> Another thing that I noticed is
>>
>> -r--r-----. 1 root root 0 May 15 18:41 /sys/kernel/security/evm
>>
>> as you see it is read-only. "echo 1 > evm" works (i.e. no access denied) but
>> in dmesg I see
>>
>> | EVM: initialization failed
>>
>> So my question here is does it work? Or could it be that it got broken
>> in v3.4.0-rc7?
>>
>> [0] ftp://ftp.nohats.ca/ima/evm-utils-0.1.0-1.fc17.src.rpm
>> [1]
>> http://sourceforge.net/apps/mediawiki/linux-ima/index.php?title=Main_Page
>>
>> Sebastian

Hi,

I have also updated the Wiki page and added key generation and
initramfs-tools/GRUB examples.

https://sourceforge.net/apps/mediawiki/linux-ima/index.php?title=Main_Page

- Dmitry
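
Added example, not part of the thread and not code from ima-evm-utils: a preflight check that picks the master-key type for the EVM encrypted key, so that a machine without a TPM does not hit the `add_key: No such device` (-19) failure quoted above. The function names, the `kmk-user` key name and the device paths probed are assumptions of this sketch; the commands are printed, not executed.

```shell
#!/bin/sh
# Added example: choose "trusted" (TPM-backed) or "user" as the master key
# for the EVM encrypted key. The optional ROOT argument lets the check run
# against a constructed directory tree; the default is the live system (/).

# Assumption: a TPM shows up as /dev/tpm0 or /sys/class/tpm/tpm0. A device
# node is necessary for trusted keys but does not prove the TPM is usable.
has_tpm() {
    root="${1%/}"
    [ -e "$root/dev/tpm0" ] || [ -d "$root/sys/class/tpm/tpm0" ]
}

master_key_type() {
    if has_tpm "$1"; then echo trusted; else echo user; fi
}

# Print (never run) the keyctl sequence for the chosen master key type.
evm_key_plan() {
    kind=$(master_key_type "$1")
    case "$kind" in
    trusted)
        echo 'keyctl add trusted kmk-trusted "new 32" @u'
        ;;
    user)
        # No TPM: a trusted key would fail with ENODEV (-19), so fall back
        # to a user-type master key filled with 32 random bytes.
        echo 'keyctl add user kmk-user "$(dd if=/dev/urandom bs=1 count=32 2>/dev/null)" @u'
        ;;
    esac
    # The EVM key is an encrypted key wrapped by the master key above.
    echo "keyctl add encrypted evm-key \"new $kind:kmk-$kind 32\" @u"
    # EVM is told about the key only after it is on the keyring.
    echo 'echo 1 > /sys/kernel/security/evm'
}

evm_key_plan "${1:-/}"
```

A user-type master key is not protected by hardware, so the fallback suits testing rather than a deployment that relies on TPM sealing.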